Deutsche Bank was assessed a penalty of 50,000 euros (U.S. $54,000) by Germany’s financial supervisory authority for its alleged miscommunication of a 2023 information technology security incident.
BaFin announced the fine in a press release Monday, in which it said the bank “communicated incorrect information regarding a major customer-relevant IT security incident occurring in the provision of payment services.” Deutsche Bank was also faulted for its delayed reporting to the regulator. No further specifics were included in the release.
A bank spokesperson said in an emailed statement the incident occurred in June 2023 and the improper report was “rectified within a very short time.” The bank updated its processes in an effort to avoid any recurring issues.
Compliance considerations: In its release, BaFin emphasized the importance of banks promptly reporting security incidents that occur in the provision of payment services. Such matters must be classified as major or nonmajor within 24 hours of identification.
“If an operational or security incident is deemed to be major, the payment service provider must report it within four hours,” the regulator said. “The payment service provider must use BaFin’s reporting and publishing platform … to submit the notification.”
No comments yet